Thank you for the question! Of course you can use it that purpose.
In a few words: SpamFireWall blocks bots before they load your website.
You can read more about this feature here: https://cleantalk.org/cleantalk-spam-firewall

1. Technically it means that all SpamFireWall functionality becomes by our plugin on your site. Plugin gets blacklist from our server once a day. And then plugin use it to filter GET-requests by IP. So no traffic goes to our servers at all.
2. Just enable SpamFireWall checkbox in CleanTalk plugin settings and save them. No changes in DNS. Works with CloudFlare.

1. Which one CleanTalk plugin do you use? Is it for WordPress?
2. It is website side solution. Because SpamFireWall part of plugin for a CMS. It checks all visitors against spam active IP addresses, if the an IP matches the database the visitor get a special page. This special page has an automated (invisible) anti-spam test, legitimate will pass the page to source page even if they have a spam active IP.

yair@topishare.com wrote:But the assumption that a hacker is "nice" and will use my site pages instead of his script is false.
Do you have an API to query it from the server side?